Based on Security vendor Checkpoint's recent release on Aug 6, hundreds of millions of android devices is facing a new previously unknown vulnerability called Certifi-gate.
This vulnerability lies in the most of Android systems.
Here is Checkpoint's explanation regarding certifi-gate:
Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner.
Checkpoint released a video example: Check Point-built “malicious app” using Team Viewer plugin to gain access to an Android device.
Check Point has also made available a scanner app that can determine whether your device is vulnerable to Certifi-gate. Click here to download the scanner app from Google Play.
Reference:
Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned